Re: How to get the correct SID format so I can search with it?
- From: Pucca <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 15 Aug 2006 14:19:02 -0700
Thanks Joe. Now I really can't wait to receive the book.
I'm not sure where to download the utility SIDConverter. I searched for it
on MSDN but didn't find anything. Can you please tell me where to find this
tool to download? Many thanks.
--
Thanks.
"Joe Kaplan (MVP - ADSI)" wrote:
Our book contains a function called BuildFilterOctetString that can be used
for converting arbitrary binary data in a byte[] to an LDAP filter format.
The format just looks like this:
\xx\xx\xx\xx
Where each xx is a hex pair (padded with a leading 0 if needed) representing
each byte and the "\" is just a prefix character. There isn't much to the
function. You could write it easily yourself.
There is also a handy utility on the file downloads for the website called
SIDConverter that demonstrates what all of the different representations of
a SID might look like in the LDAP world.
Finally, AD 2003 accepts a special undocumented version of the SID for LDAP
filters, which is just the SDDL format:
(objectSid=S-1-5-20-xxxx)
HTH,
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:130241F2-BB4F-47FE-9970-64C7E30C83FD@xxxxxxxxxxxxxxxx
Hi, I'm using vs2005, net 2.0 on Windows 2000. With the following code, I'm
getting back SID looking like a decimal format. But when I do a search with
this value it doesn't find the AD object which I verify for user that it is
there. I think I'm not using the correct SID format. Does anyone know how
to put this in the correct SID format so I can search with it? Thanks.
DirectoryContext dc = new DirectoryContext(DirectoryContextType.Domain, DNSDomain);
Domain curDom = Domain.GetDomain(dc);
DirectoryEntry de = curDom.GetDirectoryEntry();
SecurityIdentifier si = new SecurityIdentifier((byte[])de.Properties["objectSid"].Value, 0);
sid = si.Value.ToString();
DirectoryEntry deRoot = new DirectoryEntry("LDAP://CN=" + split[1] + "," + curDomain);
string sid = domainSID + "-" + child.Properties["cn"].Value.ToString();
DirectorySearcher dsFindADObject = new DirectorySearcher(deRoot);
dsFindADObject.Filter = "(objectSid=" + sid + ")";
dsFindADObject.PropertiesToLoad.Add("objectSid");
SearchResult sr = dsFindADObject.FindOne();
string foundSid = null;
if(sr != null)
    foundSid = sr.Properties["objectSid"].ToString();
--
Thanks.
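
An added example, not part of the original posts and not the book's BuildFilterOctetString: one way to turn a SID in S-1-... string form into the \xx\xx filter format Joe describes, with a round trip back to the string form. The class and helper names and the sample SID are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Text;

static class SidFilterExample
{
    // Hypothetical helper: encodes every byte as a backslash followed by
    // two hex digits, which is the \xx\xx form used in LDAP filters.
    static string ToFilterOctetString(byte[] data)
    {
        StringBuilder sb = new StringBuilder(data.Length * 3);
        foreach (byte b in data)
            sb.Append('\\').Append(b.ToString("x2")); // "x2" pads with a leading 0
        return sb.ToString();
    }

    // Builds (objectSid=\xx\xx...) from a SID given in S-1-... string form.
    static string BuildObjectSidFilter(string sddlSid)
    {
        // The constructor rejects strings that are not a well-formed SID.
        SecurityIdentifier sid = new SecurityIdentifier(sddlSid);
        byte[] raw = new byte[sid.BinaryLength];
        sid.GetBinaryForm(raw, 0);
        return "(objectSid=" + ToFilterOctetString(raw) + ")";
    }

    static void Main()
    {
        // Constructed sample SID: made-up domain identifier with RID 1104.
        string sample = "S-1-5-21-1111111111-2222222222-3333333333-1104";
        string filter = BuildObjectSidFilter(sample);
        Console.WriteLine(filter);

        // Round trip: strip the filter syntax, decode the hex pairs back to
        // bytes, and confirm they describe the same SID.
        string hex = filter.Substring("(objectSid=".Length).TrimEnd(')').Replace("\\", "");
        byte[] decoded = new byte[hex.Length / 2];
        for (int i = 0; i < decoded.Length; i++)
            decoded[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        SecurityIdentifier back = new SecurityIdentifier(decoded, 0);
        Console.WriteLine(back.Value == sample);
    }
}
```

Because every byte of the value is escaped, nothing in it can change the structure of the filter, unlike a string concatenated into the filter unescaped.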